package org.gradle.api.internal.artifacts.verification.signatures;

import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.URI;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import org.gradle.api.internal.artifacts.repositories.transport.RepositoryTransportFactory;
import org.gradle.cache.internal.InMemoryCacheDecoratorFactory;
import org.gradle.cache.scopes.BuildScopedCacheBuilderFactory;
import org.gradle.cache.scopes.GlobalScopedCacheBuilderFactory;
import org.gradle.internal.UncheckedException;
import org.gradle.internal.hash.FileHasher;
import org.gradle.internal.hash.HashCode;
import org.gradle.internal.hash.Hashing;
import org.gradle.internal.impldep.com.google.common.collect.ImmutableList;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPException;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPPublicKey;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPSignature;
import org.gradle.internal.operations.BuildOperationExecutor;
import org.gradle.internal.resource.local.FileResourceListener;
import org.gradle.internal.service.scopes.Scopes;
import org.gradle.internal.service.scopes.ServiceScope;
import org.gradle.security.internal.EmptyPublicKeyService;
import org.gradle.security.internal.Fingerprint;
import org.gradle.security.internal.PublicKeyDownloadService;
import org.gradle.security.internal.PublicKeyResultBuilder;
import org.gradle.security.internal.PublicKeyService;
import org.gradle.security.internal.SecuritySupport;
import org.gradle.util.internal.BuildCommencedTimeProvider;

@ServiceScope(Scopes.Build.class)
/* loaded from: input_file:org/gradle/api/internal/artifacts/verification/signatures/DefaultSignatureVerificationServiceFactory.class */
public class DefaultSignatureVerificationServiceFactory implements SignatureVerificationServiceFactory {
    private static final HashCode NO_KEYRING_FILE_HASH = Hashing.signature((Class<?>) DefaultSignatureVerificationServiceFactory.class);
    private final RepositoryTransportFactory transportFactory;
    private final GlobalScopedCacheBuilderFactory globalScopedCacheBuilderFactory;
    private final InMemoryCacheDecoratorFactory decoratorFactory;
    private final BuildOperationExecutor buildOperationExecutor;
    private final FileHasher fileHasher;
    private final BuildScopedCacheBuilderFactory buildScopedCacheBuilderFactory;
    private final BuildCommencedTimeProvider timeProvider;
    private final boolean refreshKeys;
    private final FileResourceListener fileResourceListener;

    /* loaded from: input_file:org/gradle/api/internal/artifacts/verification/signatures/DefaultSignatureVerificationServiceFactory$DefaultSignatureVerificationService.class */
    private static class DefaultSignatureVerificationService implements SignatureVerificationService {
        private final PublicKeyService keyService;

        public DefaultSignatureVerificationService(PublicKeyService publicKeyService) {
            this.keyService = publicKeyService;
        }

        @Override // org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationService
        public void verify(final File file, File file2, final Set<String> set, final Set<String> set2, final SignatureVerificationResultBuilder signatureVerificationResultBuilder) {
            Iterator<PGPSignature> it = SecuritySupport.readSignatures(file2).iterator();
            while (it.hasNext()) {
                final PGPSignature next = it.next();
                String longIdHexString = SecuritySupport.toLongIdHexString(next.getKeyID());
                if (set2.contains(longIdHexString)) {
                    signatureVerificationResultBuilder.ignored(longIdHexString);
                } else {
                    final AtomicBoolean atomicBoolean = new AtomicBoolean(true);
                    this.keyService.findByLongId(next.getKeyID(), new PublicKeyResultBuilder() { // from class: org.gradle.api.internal.artifacts.verification.signatures.DefaultSignatureVerificationServiceFactory.DefaultSignatureVerificationService.1
                        @Override // org.gradle.security.internal.PublicKeyResultBuilder
                        public void keyRing(PGPPublicKeyRing pGPPublicKeyRing) {
                        }

                        @Override // org.gradle.security.internal.PublicKeyResultBuilder
                        public void publicKey(PGPPublicKey pGPPublicKey) {
                            atomicBoolean.set(false);
                            String fingerprint = Fingerprint.of(pGPPublicKey).toString();
                            if (set2.contains(fingerprint)) {
                                signatureVerificationResultBuilder.ignored(fingerprint);
                                return;
                            }
                            try {
                                if (SecuritySupport.verify(file, next, pGPPublicKey)) {
                                    signatureVerificationResultBuilder.verified(pGPPublicKey, set.contains(fingerprint) || set.contains(SecuritySupport.toLongIdHexString(pGPPublicKey.getKeyID())));
                                } else {
                                    signatureVerificationResultBuilder.failed(pGPPublicKey);
                                }
                            } catch (PGPException e) {
                                throw UncheckedException.throwAsUncheckedException(e);
                            }
                        }
                    });
                    if (atomicBoolean.get()) {
                        signatureVerificationResultBuilder.missingKey(longIdHexString);
                    }
                }
            }
        }

        @Override // org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationService
        public PublicKeyService getPublicKeyService() {
            return this.keyService;
        }

        @Override // org.gradle.internal.concurrent.Stoppable
        public void stop() {
            try {
                this.keyService.close();
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }
    }

    public DefaultSignatureVerificationServiceFactory(RepositoryTransportFactory repositoryTransportFactory, GlobalScopedCacheBuilderFactory globalScopedCacheBuilderFactory, InMemoryCacheDecoratorFactory inMemoryCacheDecoratorFactory, BuildOperationExecutor buildOperationExecutor, FileHasher fileHasher, BuildScopedCacheBuilderFactory buildScopedCacheBuilderFactory, BuildCommencedTimeProvider buildCommencedTimeProvider, boolean z, FileResourceListener fileResourceListener) {
        this.transportFactory = repositoryTransportFactory;
        this.globalScopedCacheBuilderFactory = globalScopedCacheBuilderFactory;
        this.decoratorFactory = inMemoryCacheDecoratorFactory;
        this.buildOperationExecutor = buildOperationExecutor;
        this.fileHasher = fileHasher;
        this.buildScopedCacheBuilderFactory = buildScopedCacheBuilderFactory;
        this.timeProvider = buildCommencedTimeProvider;
        this.refreshKeys = z;
        this.fileResourceListener = fileResourceListener;
    }

    @Override // org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationServiceFactory
    public SignatureVerificationService create(BuildTreeDefinedKeys buildTreeDefinedKeys, List<URI> list, boolean z) {
        boolean z2 = this.refreshKeys || !z;
        PublicKeyService applyTo = buildTreeDefinedKeys.applyTo(z ? new CrossBuildCachingKeyService(this.globalScopedCacheBuilderFactory, this.decoratorFactory, this.buildOperationExecutor, new PublicKeyDownloadService(ImmutableList.copyOf((Collection) list), this.transportFactory.createTransport("https", "https", Collections.emptyList(), collection -> {
        }).getRepository()), this.timeProvider, z2) : EmptyPublicKeyService.getInstance());
        File effectiveKeyringsFile = buildTreeDefinedKeys.getEffectiveKeyringsFile();
        return new CrossBuildSignatureVerificationService(new DefaultSignatureVerificationService(applyTo), this.fileHasher, this.buildScopedCacheBuilderFactory, this.decoratorFactory, this.timeProvider, z2, z, (effectiveKeyringsFile == null || !observed(effectiveKeyringsFile).exists()) ? NO_KEYRING_FILE_HASH : this.fileHasher.hash(effectiveKeyringsFile));
    }

    private File observed(File file) {
        this.fileResourceListener.fileObserved(file);
        return file;
    }
}
